161-java-profiling-detect
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill provides legitimate developer tooling for performance analysis.- [PROMPT_INJECTION]: The instructions contain strong directives for the agent to copy script templates exactly without modification. While such patterns can sometimes be used to prevent safety reasoning, in this context they appear to be standard technical instructions intended to maintain the operational integrity of complex bash scripts.- [COMMAND_EXECUTION]: The skill involves the creation and execution of bash scripts that interact with the system to list Java processes, attach profiling tools, and manage result files. The scripts use standard utilities like
jps,jcmd,jstat, andkill. Safeguards are in place to ensure these tools only interact with identified Java processes.- [EXTERNAL_DOWNLOADS]: The skill explicitly prohibits downloading binaries at runtime, mitigating supply chain risks. It requires the user to provide a path to a pre-installed and trusted async-profiler distribution.- [DATA_EXPOSURE]: The profiling scripts access process information and generate performance data (JFR recordings and flame graphs). This is the intended behavior of a profiling tool and does not involve unauthorized data access or exfiltration to external domains.
Audit Metadata